如前所述,原因与JDK错误有关,在JDK错误中,使用setHostnameVerifier()会破坏SNI(扩展名server_name)。 https://bugs.openjdk.java.net/browse/JDK-8144566
解决方法:经过测试,我们发现将连接的SSLSocketFactory设置为默认值几乎可以解决所有问题。
这不起作用:
HttpsURLConnection.setSSLSocketFactory((SSLSocketFactory) SSLSocketFactory.getDefault());
这确实有效:
HttpsURLConnection.setSSLSocketFactory(new SSLSocketFactoryFacade());
因此,要为JAX-WS客户端修复它,可以执行以下操作:
bindingProvider.getRequestContext().put("com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory", new SSLSocketFactoryFacade());我们的SSLSocketFactory外观:(请注意,它实际上什么都不做)
public class SSLSocketFactoryFacade extends SSLSocketFactory { SSLSocketFactory sslsf; public SSLSocketFactoryFacade() { sslsf = (SSLSocketFactory) SSLSocketFactory.getDefault();; } @Override public String[] getDefaultCipherSuites() { return sslsf.getDefaultCipherSuites(); } @Override public String[] getSupportedCipherSuites() { return sslsf.getSupportedCipherSuites(); } @Override public Socket createSocket(Socket socket, String s, int i, boolean b) throws IOException { return sslsf.createSocket(socket, s, i, b); } @Override public Socket createSocket(String s, int i) throws IOException, UnknownHostException { return sslsf.createSocket(s, i); } @Override public Socket createSocket(String s, int i, InetAddress inetAddress, int i1) throws IOException, UnknownHostException { return sslsf.createSocket(s, i, inetAddress, i1); } @Override public Socket createSocket(InetAddress inetAddress, int i) throws IOException { return createSocket(inetAddress, i); } @Override public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress1, int i1) throws IOException { return createSocket(inetAddress, i, inetAddress1, i1); }}
